Vulnerability Description
The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and upload arbitrary files and possibly execute arbitrary code, via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Comment Upload Module | 4.7 |
Related Weaknesses (CWE)
References
- http://drupal.org/node/216024
- http://drupal.org/node/216035
- http://drupal.org/node/216036
- http://secunia.com/advisories/28729Vendor Advisory
- http://www.securityfocus.com/bid/27544
- http://www.vupen.com/english/advisories/2008/0374/references
- http://drupal.org/node/216024
- http://drupal.org/node/216035
- http://drupal.org/node/216036
- http://secunia.com/advisories/28729Vendor Advisory
- http://www.securityfocus.com/bid/27544
- http://www.vupen.com/english/advisories/2008/0374/references
FAQ
What is CVE-2008-0569?
CVE-2008-0569 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 module for Drupal does not properly use functions in the upload module, which allows remote attackers to bypass upload validation, and ...
How severe is CVE-2008-0569?
CVE-2008-0569 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0569?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Comment Upload Module.